841371 – (CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483, CVE-2022-1484, CVE-2022-1485, CVE-2022-1486, CVE-2022-1487, CVE-2022-1488, CVE-2022-1489, CVE-2022-1490, CVE-2022-1491, CVE-2022-1492, CVE-2022-1493, CVE-2022-1494, CVE-2022-1495, CVE-2022-1496, CVE-2022-1497, CVE-2022-1498, CVE-2022-1499, CVE-2022-1500, CVE-2022-1501) <www-client/chromium-101.0.4951.54 <www-client/google-chrome-101.0.4951.54: Multiple vulnerabilities

Bug 841371 (CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483, CVE-2022-1484, CVE-2022-1485, CVE-2022-1486, CVE-2022-1487, CVE-2022-1488, CVE-2022-1489, CVE-2022-1490, CVE-2022-1491, CVE-2022-1492, CVE-2022-1493, CVE-2022-1494, CVE-2022-1495, CVE-2022-1496, CVE-2022-1497, CVE-2022-1498, CVE-2022-1499, CVE-2022-1500, CVE-2022-1501) - <www-client/chromium-101.0.4951.54 <www-client/google-chrome-101.0.4951.54: Multiple vulnerabilities

Summary: <www-client/chromium-101.0.4951.54 <www-client/google-chrome-101.0.4951.54: M...

Status:	RESOLVED FIXED

Alias:	CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483, CVE-2022-1484, CVE-2022-1485, CVE-2022-1486, CVE-2022-1487, CVE-2022-1488, CVE-2022-1489, CVE-2022-1490, CVE-2022-1491, CVE-2022-1492, CVE-2022-1493, CVE-2022-1494, CVE-2022-1495, CVE-2022-1496, CVE-2022-1497, CVE-2022-1498, CVE-2022-1499, CVE-2022-1500, CVE-2022-1501

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	842831
Blocks:	CVE-2022-29146, CVE-2022-29147
	Show dependency tree

Reported:	2022-04-27 20:29 UTC by Ian Kumlien
Modified:	2022-08-14 14:39 UTC (History)
CC List:	2 users (show)

See Also:	847613
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ian Kumlien 2022-04-27 20:29:38 UTC

Multiple CVE:s - Haven't looked at how serious they are with the CVE scores

https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Reproducible: Always

Comment 1 Stephan Hartmann (RETIRED) gentoo-dev

2022-04-29 18:38:09 UTC

[1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06

[1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20

[1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10

[1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17

[1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04

[1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10

[1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08

[1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15

[1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22

[1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08

[1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09

[1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04

[1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25

[1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01

[1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12

[1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum on 2022-04-11

[1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01

[1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17

[1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28

[1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15

[1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29

[1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14

[1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04

[1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25

[1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02

Comment 2 Sam James archtester

2022-05-02 03:18:27 UTC

Tarballs out yet?

Comment 3 Ian Kumlien 2022-05-02 07:41:09 UTC

Tarballs? 

According to the ebuild:
SRC_URI="https://dl.google.com/linux/chrome/deb/pool/main/g/${MY_PN}/${MY_P}_amd64.deb"

So yes, the deb has been out for quite a while....

Comment 4 Alexander Sergeyev 2022-05-02 20:25:37 UTC

The tarball seems to be available now:

$ curl --head https://commondatastorage.googleapis.com/chromium-browser-official/chromium-101.0.4951.41.tar.xz

HTTP/2 200
...

Comment 5 Luke-Jr 2022-05-03 00:00:11 UTC

FWIW, I renamed chromium-101.0.4951.34 to .41 and have been using it since Apr 27

Seems to just work.

Comment 6 Larry the Git Cow gentoo-dev

2022-05-05 20:03:05 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c14562155978a3efdc8dc96bbc49369c682829de

commit c14562155978a3efdc8dc96bbc49369c682829de
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-05 20:02:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-05 20:02:58 +0000

    www-client/chromium: add 101.0.4951.54
    
    Bug: https://bugs.gentoo.org/841371
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-101.0.4951.54.ebuild | 1011 +++++++++++++++++++++
 2 files changed, 1012 insertions(+)

Comment 7 Sam James archtester

2022-05-06 00:40:09 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ad114a619937fecfcd747c19028587a7bea05b5

commit 9ad114a619937fecfcd747c19028587a7bea05b5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-06 00:39:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-06 00:39:29 +0000

    www-client/chromium: promote 101 to stable channel
    
    Bug: https://bugs.gentoo.org/842831
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/chromium-101.0.4951.54.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 8 Stephan Hartmann (RETIRED) gentoo-dev

2022-05-09 07:36:17 UTC

Cleanup done.

Comment 9 John Helmert III archtester

2022-08-14 04:58:54 UTC

GLSA request filed

Comment 10 Larry the Git Cow gentoo-dev

2022-08-14 14:34:41 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)

Comment 11 Sam James archtester

2022-08-14 14:37:43 UTC

GLSA done, all done.